Mayhem example templates for programming languages and fuzzers that you love! Like a "Hello World!" but for fuzzing!
Use the Mayhem CLI to execute a new Mayhem run (via the `mayhem run` command) for any mayhem-examples target directory with a valid `Mayhemfile`. Alternatively, Mayhem users can use the Mayhem UI to execute a new Mayhem run by selecting and fuzzing a mayhem-examples target Docker image uploaded to either the private Mayhem Docker Registry or the public Docker Hub.
Note: Before executing a Mayhem run on the mayhem-examples, you'll need to first upload the below mayhem-example targets to either a private Mayhem Docker Registry or to the public Docker Hub. Read the How to Get Started section for more details.
Order is alphabetical.
Mayhemfile parameter support by fuzzer:

| Fuzzer | `dictionary` | `max_length` | `sanitizer` |
|---|---|---|---|
| mCode | ✓ | ✓ | ✓ |
| AFL | ✓ | ✓ | |
| honggfuzz | ✓ | ✓ | ✓ |
| libFuzzer | ✓ | ✓ | ✓ |
Use the `Mayhemfile` parameters as follows:

- `dictionary`: The path to an AFL-compatible dictionary file. The path must be absolute and relative to the root of the container, not to your checkout. For instance, if the dictionary is at `/etc/foo/bar/http.dict` inside the image, the Mayhemfile entry is `dictionary: /etc/foo/bar/http.dict`. Example: `dictionary: /tmp/my-dictionary`
- `max_length`: Maximum length, in bytes, of any input provided to the fuzz target. It must not exceed 100MB, otherwise the Mayhemfile fails to validate. Test cases in the starting test suite that are larger than this value are truncated to it, so choose a value at least as large as your seed inputs if you want them used intact. Example: `max_length: 8192`
- `sanitizer`: Set to `true` only if the target executable is compiled with a sanitizer such as AddressSanitizer; otherwise leave it `false`. Example: `sanitizer: false`
Don't see your language/fuzzer in the list above? Let us know, or better yet, send us a PR adding it! Check out our CONTRIBUTING.md guidelines.
Navigate to each Language/Fuzzer folder and follow the individual build instructions. Alternatively, you can use the `Makefile` in the root directory of the mayhem-examples GitHub repository to build all of the Dockerfiles, then tag and push the resulting Docker images to the Docker registry of your choice (private, or public such as Docker Hub), all in one go.
You'll need to first log into your desired Docker registry using the `docker login` command and then set a `MAYHEM_DOCKER_REGISTRY` environment variable to the URL of that registry.

For example, for a private Docker registry:

```shell
export MAYHEM_DOCKER_REGISTRY=tutorial.forallsecure.com:5000
```

Alternatively, for a public Docker registry like Docker Hub:

```shell
export MAYHEM_DOCKER_REGISTRY=docker.io
```

Once that is set, just run the following commands:

```shell
make build
make push
```
With the Docker images now pushed to a private or public Docker registry, just use either the Mayhem CLI or the Mayhem UI to create a new run and start fuzzing!
For example, for a private Docker registry, set the `image` parameter in your `Mayhemfile` similar to the following, where `$MAYHEM_DOCKER_REGISTRY` stands for the URL of your private Mayhem Docker registry (use the same value you exported as `MAYHEM_DOCKER_REGISTRY` when pushing). In `cmds`, `@@` marks where Mayhem substitutes the path of each test case file:

```yaml
image: $MAYHEM_DOCKER_REGISTRY/forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@
```
Otherwise, for an image on the public Docker Hub, set the `image` parameter to the Docker Hub repository like so:

```yaml
image: forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@
```
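As an added pre-flight check (example code written for this page, not part of the mayhem-examples repository or the Mayhem CLI), the following Python lints a Mayhemfile of the flat shape shown above before you submit a run. It covers both the parameter rules listed earlier and the `image` examples: it enforces the 100MB `max_length` ceiling, requires `sanitizer` to be `true` or `false`, requires an absolute `dictionary` path, and resolves a `$MAYHEM_DOCKER_REGISTRY` placeholder in `image` from the environment so you can see the final reference. The parser handles only the `key: value` and `cmds:` / `- cmd:` lines seen in these examples (an assumption; it is not a general YAML parser), and the two sample Mayhemfiles are constructed for the example. Whether the Mayhem CLI itself expands shell variables inside a Mayhemfile is not stated on this page, so the lint treats an unresolved placeholder as an error and expects you to substitute the real registry URL.

```python
import os
import re

# The README's ceiling on max_length: larger values make the Mayhemfile fail validation.
MAX_LENGTH_LIMIT = 100 * 1024 * 1024

# $VAR or ${VAR}, so a registry placeholder in `image:` can be resolved from the environment.
_ENV_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
# Loose shape of a Docker image reference: [registry[:port]/]repository[:tag].
_IMAGE_REF = re.compile(r"^(?:[A-Za-z0-9.-]+(?::\d+)?/)?[a-z0-9._/-]+(?::[A-Za-z0-9._-]+)?$")


def parse_mayhemfile(text):
    """Parse the flat Mayhemfile layout into a dict (assumption: flat files only).

    `key: value` lines become strings; a bare `cmds:` opens a list whose
    `- cmd: ...` items become dicts. Comments and blank lines are skipped.
    """
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        stripped = line.lstrip()
        if stripped.startswith("- ") and section is not None:
            key, _, value = stripped[2:].partition(":")
            cfg[section].append({key.strip(): value.strip()})
        elif line == stripped:  # no indentation: a top-level key
            key, _, value = stripped.partition(":")
            key, value = key.strip(), value.strip()
            if value:
                cfg[key], section = value, None
            else:
                cfg[key], section = [], key
        elif section is not None and cfg[section]:
            key, _, value = stripped.partition(":")
            cfg[section][-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unexpected line in Mayhemfile: {raw!r}")
    return cfg


def expand_image(image, env):
    """Resolve $VAR placeholders in an image reference; return (expanded, unset_names)."""
    unset = []

    def sub(match):
        name = match.group(1)
        if name in env:
            return env[name]
        unset.append(name)
        return match.group(0)

    return _ENV_REF.sub(sub, image), unset


def lint_mayhemfile(cfg, env=None):
    """Return a list of problems; an empty list means the checks passed."""
    env = os.environ if env is None else env
    problems = []
    for key in ("image", "project", "target", "cmds"):
        if key not in cfg:
            problems.append(f"missing required key: {key}")
    if "image" in cfg:
        image, unset = expand_image(cfg["image"], env)
        for name in unset:
            problems.append(f"image uses ${name} but it is not set; substitute the registry URL")
        if not unset and not _IMAGE_REF.match(image):
            problems.append(f"image is not a valid Docker reference: {image}")
        elif not unset and ":" not in image.rsplit("/", 1)[-1]:
            problems.append(f"image has no tag; pin one so the run is reproducible: {image}")
    if "max_length" in cfg:
        try:
            n = int(cfg["max_length"])
        except ValueError:
            problems.append(f"max_length must be an integer byte count: {cfg['max_length']!r}")
        else:
            if not 0 < n <= MAX_LENGTH_LIMIT:
                problems.append(f"max_length {n} is outside 1..{MAX_LENGTH_LIMIT} bytes (100MB)")
    if "sanitizer" in cfg and cfg["sanitizer"] not in ("true", "false"):
        problems.append(f"sanitizer must be true or false: {cfg['sanitizer']!r}")
    if "dictionary" in cfg and not cfg["dictionary"].startswith("/"):
        problems.append("dictionary must be an absolute path inside the image (e.g. /etc/foo/bar/http.dict)")
    for i, item in enumerate(cfg.get("cmds", [])):
        if not item.get("cmd"):
            problems.append(f"cmds[{i}] has no cmd")
    return problems


# Constructed sample: the README's Docker Hub Mayhemfile plus the optional parameters.
SAMPLE_OK = """\
image: forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
max_length: 8192
sanitizer: false
cmds:
  - cmd: /mayhemit @@
"""

# Constructed sample: unresolved registry placeholder, untagged image, over-limit
# max_length, non-boolean sanitizer and a relative dictionary path.
SAMPLE_BAD = """\
image: $MAYHEM_DOCKER_REGISTRY/forallsecure/c-base-executable
project: mayhem-examples
target: c-base-executable
max_length: 200000000
sanitizer: yes
dictionary: http.dict
cmds:
  - cmd: /mayhemit @@
"""
```

Use it as `lint_mayhemfile(parse_mayhemfile(open("Mayhemfile").read()))`: an empty list means the checks passed, otherwise each string names one problem. Pass an explicit `env` dict (for example `{"MAYHEM_DOCKER_REGISTRY": "tutorial.forallsecure.com:5000"}`) to see the fully expanded image reference for a private-registry Mayhemfile. The untagged-image check is a hardening nudge of the example's own: `:latest`, as used in the README, passes it, but a fixed tag or digest keeps re-runs reproducible.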
Mayhem performs behavioral testing, where the application is dynamically run and analyzed. To do so, Mayhem needs the complete application, including the executable, libraries, and configuration files.
Docker is popular because it solves the problem of creating a reproducible environment. To quote from Docker:
Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers. The use of Linux containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.
A container runs natively on Linux and shares the host's kernel. Three key benefits of Docker that Mayhem leverages include:

- Isolation: Docker provides a convenient way to isolate different apps, each of which may have different dependencies.
- Configuration-as-Code: When you create a Docker image, you write a `Dockerfile`, which gives the exact commands to build the image. The `Dockerfile` can be edited and revision controlled like any other text file.
- Efficiency: Docker uses a layered file system, which means if two applications share the same files, you only need one copy.
Given a Docker image, Mayhem will spin up and tear down Docker containers as needed to run the specified application in the containerized environment.
Mayhem can run Docker images stored on either the included private Docker registry (as a part of your Mayhem deployment) or through Docker Hub, which hosts tens of thousands of public Docker images. If you are storing your images on your private registry, you will need to specify this in the Mayhemfile.
ForAllSecure was founded with the mission to make the world’s critical software safe. The company has been applying its patented technology from over a decade of CMU research to solving the difficult challenge of making software safer. ForAllSecure has partnered with Fortune 1000 companies in aerospace, automotive and high-tech industries, as well as the US Department of Defense to integrate Mayhem into software development cycles for continuous security. Profitable and revenue-funded, the company is scaling rapidly.